🚨 TP-Link’s Omada gateways just got hit with four major security flaws — two can let hackers run commands without logging in.

A remote attacker could take full control — no password needed.

Patch now. Details ↓ https://thehackernews.com/2025/10/tp-link-patches-four-omada-gateway.html

A tiny Rust bug just broke thousands of builds.

It’s called TARmageddon (CVE-2025-62518) — a flaw in the async-tar library that lets attackers slip hidden files inside nested TAR archives.

Unpatched since 2023, developers are now racing to fix it ↓ https://thehackernews.com/2025/10/tarmageddon-flaw-in-async-tar-rust.html

🚨 PassiveNeuron is still active.

Hackers are breaking in through Microsoft SQL servers, planting custom malware (Neursite & NeuralExecutor), and even using GitHub to hide their command servers — a rare move in state-level spying.

Full story → https://thehackernews.com/2025/10/researchers-identify-passiveneuron-apt.html

🤖 Nearly 40% of alerts still go unseen.

AI-SOCs now handle triage, cut false positives, and alert teams with full context. But as Shahar Ben-Hador explains — outsource or not, you still own the breach.

$30K vs $100K+… here’s who should switch ↓ https://thehackernews.com/expert-insights/2025/10/what-happens-to-mssps-and-mdrs-in-age.html

🔒 8-character passwords are dead.
💀 Hackers crack “P@ssw0rd!” in months.
🔡 The fix isn’t symbols — it’s length.

16 simple letters beat any complex mix.
Use words, not symbols.

Why your policy still fails ↓ https://thehackernews.com/2025/10/why-you-should-swap-passwords-for.html

Hackers linked to China exploited a “patched” Microsoft SharePoint flaw to break into networks across four continents.

It wasn’t just spying — they found a way to bypass the patch that fixed a previous bypass.

Symantec warns the campaign is still spreading.

Read → https://thehackernews.com/2025/10/chinese-threat-actors-exploit-toolshell.html

Your cloud might flag the same issue across five tools — XDR, CSPM, SIEM, CMDB, and more.

Each reports it differently. None resolve it.

That’s the real challenge: detection is easy; remediation isn’t.

Learn how Pentera Resolve turns alerts into action → https://thehackernews.com/2025/10/bridging-remediation-gap-introducing.html

Which Industries Are Most at Risk for DDoS Attacks?

While DDoS attacks can hit any organization, some industries face far higher risk—and potentially greater impact when they do.

The latest DDoS Resiliency Score (DRS) report ranks the industries most frequently targeted and explains why.

Here's the list of the highest risk sectors. For the full list of industries, see here - https://thn.news/ddos-risk-map

Highest-risk sectors:
💰 Financial Services – Targets of hacktivism and extortion-driven outages.
⚡ Energy – At risk from politically or state-backed disruptions.
🏛️ Government – Frequent hacktivist targets, especially around elections.
🌐 Telecom – Increasingly hit by ransom-based attacks.
🎮 Gaming & Gambling – Vulnerable to extortion and competitive disruption.
💻 SaaS & Software – Susceptible to DDoS that erodes customer trust.

🚨 Developers, check your NuGet packages.

A fake NuGet package “Netherеum.All” — spelled with a Cyrillic ‘e’ — was stealing wallet keys from Ethereum .NET projects.

It even faked 11.7M downloads to look real.

Full story ↓ https://thehackernews.com/2025/10/fake-nethereum-nuget-package-used.html

🔴 A fake “Zoom meeting” from Ukraine’s President’s Office just hacked aid workers. The CAPTCHA wasn’t real — it opened a live remote shell through WebSocket.

A one-day domain. Six months of setup. Russian servers behind it.

The trojan’s still active ↓ https://thehackernews.com/2025/10/ukraine-aid-groups-targeted-through.html

⚠️ An Iranian hacking group used a real email account to plant a new backdoor in 100+ Middle East government networks.

They sent it through real diplomatic inboxes — and it worked.

Read ↓ https://thehackernews.com/2025/10/iran-linked-muddywater-targets-100.html

🚨 CISA just warned about a critical bug in Motex Lanscope (CVE-2025-61932).

Hackers can take control of systems by sending one malicious packet.

It’s already being used in real attacks.

Fix it before Nov 12 ↓ https://thehackernews.com/2025/10/critical-lanscope-endpoint-manager-bug.html

🚨 New Adobe Commerce flaw (CVE-2025-54236, CVSS 9.1) under active attack.

Over 250 exploit attempts in 24 hours—mostly on unpatched Magento sites.

PoC is public. Patch now.

Details → https://thehackernews.com/2025/10/over-250-magento-stores-hit-overnight.html

🎁 Hackers found a new jackpot — cloud gift cards.

A group called Jingle Thief broke into retail cloud systems and quietly issued fake gift cards for months, hiding inside Microsoft 365 accounts.

Full story ↓ https://thehackernews.com/2025/10/jingle-thief-hackers-exploit-cloud.html

In this 20-minute session, learn how to harden your images, secure dependencies, and lock down your CI/CD pipeline against real-world supply chain attacks.

📅 Tuesday, Oct 28 | 8 AM PST | 11 AM EST

🎥 Register Now ↓ https://thn.news/secure-stack-webinar

🚨 Static secrets are fading fast.

Teams using managed identities cut 95% of credential hassle—yet hidden API keys still lurk in legacy systems.

The fix? Run NHI discovery to find every key, then migrate 70–80% to managed identities.

Your roadmap ↓ https://thehackernews.com/2025/10/why-organizations-are-abandoning-static.html

From crypto fines to malware & data leaks — the week’s biggest cyber hits:

🇨🇦 Cryptomus fined $176M
🛰️ Starlink scam crackdown
🤖 AI vuln in Oat++ MCP
📧 Tykit phishing campaign

.... 15+ more important news stories.

Read the latest #ThreatsDay Bulletin 👇 https://thehackernews.com/2025/10/threatsday-bulletin-176m-crypto-fine.html

📢 WEBINAR ALERT!

You can’t secure what you can’t see. AI agents are spreading fast — unseen, unmanaged & risky.

Join this free #cybersecurity session to learn how leading security teams are regaining control & speed.

🗓️ 27 Oct, 2025

🔗 Watch This ↓ https://thehackernews.com/2025/10/secure-ai-at-scale-and-speed-learn.html

North Korean hackers are posing as recruiters—again.

This time, they’re stealing drone tech from Europe’s defense firms.

The trap? A fake job PDF hiding a remote access tool.

It’s been active—undetected—since March.

Read → https://thehackernews.com/2025/10/north-korean-hackers-lure-defense.html

🚨 GlassWorm hits VS Code extensions — 14 infected builds, ~35K installs since Oct 17 2025.

It steals dev creds, drains crypto wallets, turns machines into bots — and auto-updates itself.

Read ↓ https://thehackernews.com/2025/10/self-spreading-glassworm-infects-vs.html